Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
PAM_LOGIN_ACCESS(8)	    System Manager's Manual	   PAM_LOGIN_ACCESS(8)

NAME
       pam_login_access	-- login.access	PAM module

SYNOPSIS
       [service-name] module-type control-flag pam_login_access	[options]

DESCRIPTION
       The  login.access  service  module  for	PAM, pam_login_access provides
       functionality for only one PAM category:	account	management.  In	 terms
       of the module-type parameter, this is the "account" feature.

   Login.access	Account	Management Module
       The login.access	account	management component (pam_sm_acct_mgmt()), re-
       turns success if	and only the user is allowed to	login on the specified
       tty  (in	 the  case of a	local login) or	from the specified remote host
       (in the case of a remote	login),	according to the  restrictions	listed
       in login.access(5).

       accessfile=pathname  specifies	a   non-standard   location   for  the
			    login.access configuration file (normally  located
			    in /etc/login.access).

       nodefgroup	    makes  tokens  not	enclosed  in  parentheses only
			    match users, requiring groups to be	 specified  in
			    parentheses.   Without  nodefgroup	user and group
			    names are intermingled, with user  entries	taking
			    precedence	over group entries.  This is not back-
			    wards compatible with legacy login.access configu-
			    ration files.  However  this  mitigates  confusion
			    between users and groups of	the same name.

       fieldsep=separators  changes  the field separator from the default ":".
			    More than one separator may	be specified.

       listsep=separators   changes the	field separator	from the default space
			    (''), tab (\t) and comma (,).  More	than one sepa-
			    rator may be specified.   For  example,  listsep=;
			    will  replace  the	default	 with a	semicolon (;).
			    This option	may be useful when  specifying	Active
			    Directory	groupnames   which  typically  contain
			    spaces.

SEE ALSO
       pam(3), syslog(3), login.access(5), pam.conf(5)

AUTHORS
       The login.access(5) access control scheme was designed and  implemented
       by Wietse Venema.

       The pam_login_access module and this manual page	were developed for the
       FreeBSD	Project	by ThinkSec AS and NAI Labs, the Security Research Di-
       vision  of  Network  Associates,	 Inc.  under   DARPA/SPAWAR   contract
       N66001-01-C-8035	 ("CBOSS"),  as	 part of the DARPA CHATS research pro-
       gram.

FreeBSD	13.2		       January 30, 2020		   PAM_LOGIN_ACCESS(8)
NAME | SYNOPSIS | DESCRIPTION | SEE ALSO | AUTHORS

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=pam_login_access&sektion=8&manpath=FreeBSD+14.0-RELEASE+and+Ports>

home | help